HTTP or HTTPS? What on earth is the difference?

https-icon

Before trying to answer the question we should perhaps differentiate between http and https.

Http stands for hypertext transfer protocol. It is the protocol used for transferring data from the web to a browser when viewing web pages. When using http, data is not encrypted when it’s transferred. This means that third parties can easily intercept the information.

The S at the end of http tells you the site is ‘secure’; it has a SSL (secure socket layer) certificate. So what is “secure”? It means that as data is transferred it is encrypted so that it can no longer be intercepted by third parties. Another way of putting this is to say that the computers agree on a “code” between themselves. As information is then transferred it is scrambled so that it cannot be read by third parties.

How to tell when a site is secure (i.e. https)?

The green padlock below shows that the browsers connection to the server is secure. If there is no padlock or the padlock is broken then the page is not using SSL.

https

When should I use https?

The short answer – “if you are an e-commerce site then you definitely should have a SSL certificate”. An e-commerce site will be collecting personal information about customers including credit card details. This information is then stored on a database so it can be processed later. Without a SSL certificate customer data is much much more vulnerable.

Not suprisingly, the public is becoming more and more concerned about online security and the safety of their own data. With a SSL certificate sensitive data such as credit card numbers and personal information is encrypted. It shows online shoppers that you are doing your bit to keep their personal information safe.

There may be situations where you do not sell online but collect membership information. This could involve storing usernames and passwords. In these situations you really should have a SSL certificate. Without it hackers could intercept the information. Once the hackers have this information then your customers become much more vulnerable. I know of many people that only use one or two passwords for all their sensitive information.

How can you tell when a site has a SSL certificate?

The green padlock below shows that the browsers connection to the server is secure. If there is no padlock or the padlock is broken then the page is not using SSL.

When you don’t need a SSL certificate?

If you are selling online you can use a 3rd party firm like PayPal. You can then forward customers to Paypal where credit card information is then entered. In this situation your site will not be touching the credit card information. Note: if you are accepting credit card information on your site using PayPal then you need a SSL certificate.

If you have a simple site with no products or memberships then having a SSL certificate is not necessary and probably not worth the cost.

Do you have an opinion about https? ¬†Why not leave a comment below…

Scroll Up